Title: GUIDELINES FOR COLLECTING AND CENTRALIZING NETWORK DIGITAL EVIDENCES

Issue Number: Vol. 1, No. 2
Year of Publication: Aug - 2011
Page Numbers: 437-458
Authors: Mohammed Abbas, Azizah Abdul Manaf, Elfadil Sabeil
Journal Name: International Journal of New Computer Architectures and their Applications (IJNCAA)
- Hong Kong

Abstract:


Digital evidence is commonly considered the backbone of forensics: a reliable investigation after a breach depends on it. However, the integrity and reliability of this evidence are threatened by removal or tampering, because most production-environment equipment is normally assigned an Internet Protocol (IP) address and is therefore accessible to intruders. To overcome these weaknesses, a hidden mechanism, namely a Honeynet Architecture located between the equipment and the intruders, is proposed. In this paper, first, the proposed mechanism for collecting and centralizing network digital evidence is studied and investigated, and a comparison among the proposed solutions is conducted to state their characteristics and so guide the choice of the most suitable ones. Second, a methodology for collecting and centralizing network digital evidence in support of a reliable investigation is introduced. Finally, guidelines for successfully collecting and centralizing network digital evidence are produced.